Hello,
To understand this message, my first post can be found after the signature
lines.
After the crash of the NFS sever, the hangs of the computers where not
due to the audit but to NIS.
Some weeks ago I created the file /var/yp/securenets on my NIS servers.
The network number where incorrectly entered in the file. Every thing
worked well untill now because one of the NIS servers were not yet
rebooted with the new securenets file.
Today, after the NFS server crash and to solve other problems, I have
rebooted the NFS server (NIS Master) and the NIS slave. Because all
the NIS servers were now running with a bad securenets file, no NIS client
were able do bind to the NIS domaine.
I have modified the entry in securenets and every thing is OK now.
About the auditing, I still need help from persons having experience in
using an 'audit hub' under DECUNIX with the ability to run 'audit -x'.
Christophe.
***
Christophe DIARRA
Institut de Physique Nucleaire
Bat 100 - S2I
91406 ORSAY Cedex
Tel: (33) 01 69 15 65 60
Fax: (33) 01 69 15 64 70
E-mail: diarra_at_ipno.in2p3.fr
***
> Hello,
>
> I have started auditing on all my DECUNIX machines.
>
> First I tried to have an audit HUB but without any succes:
> 1) audit -x does not work in this case
> 2) some clients are unable to send audilogs to the audit hub
> without any raisons and then store auditlogs in /var/adm.
>
> I abandonned the audit HUB and now I am using NFS to write auditlogs
> in mounted directories.
>
> THE PROBLEM NOW:
>
> After a crash and the reboot of the NFS sever, all the clients hangs.
> ping works, telnet takes many many minutes before asking for the
> password.The computers are to slow and are unusable. I am obliged to
> reboot.
>
> THE QUESTIONS:
>
> 1) Is it possible to use NFS with audit on DECUNIX ?
> What happens when the NFS server crashes ?
> Is it possible to stop auditing when NFS is not working ?
>
> Following is my auditd options from /etc/rc.config:
>
> AUDITD_FLAG="-l /import/admin/audit/decunix/files/ipnosb/auditlog -c
> /var/audit/auditd_cons -o kill "
> export AUDITD_FLAG
> AUDITMASK_FLAG=" -s exec_argp -s login_uname < /etc/sec/audit_events"
>
> 2) Why the audit hub functionality works for only for some clients ?
> I am sure there is no authorisation problems. Some times it stops
> working for a client after /sbin/init.d/audit stop then
> /sbin/init.d/audit start.
>
> Christophe.
Received on Mon Dec 15 1997 - 18:52:01 NZDT